Connection Failure with PEAP0/1 with MSCHAPv2
Matthew Newton
mcn at freeradius.org
Wed May 13 11:23:36 CEST 2020
On 13/05/2020 09:17, Ammann, Lukas wrote:
> If i disable certificate validation on Win, Ubuntu and Android, the devices connect successfully.
Not a good idea, but for testing things, OK.
> The embedded device (TI CC3100MOD) however, also has disabled certification validation, but is unable to connect to the server.
It doesn't get as far as checking any certificates.
> I post the debug log output from freeradius below, can someone explain here where is goes wrong based in the log info?
> (52) eap: Peer sent packet with method EAP Identity (1)
> (52) eap: Calling submodule eap_md5 to process data
> (52) eap_md5: Issuing MD5 Challenge
...
> (53) eap: Peer sent packet with method EAP NAK (3)
> (53) eap: Found mutually acceptable type PEAP (25)
> (53) eap: Calling submodule eap_peap to process data
Set the default EAP type to peap and you'll save one round trip.
> (54) eap: Peer sent packet with method EAP NAK (3)
> (54) eap: Peer NAK'd indicating it is not willing to continue
> (54) eap: Sending EAP Failure (code 4) ID 2 length 4
You need to look in the logs on the device to see why it's not willing
to continue. It hasn't even got as far as exchanging certificates.
--
Matthew
More information about the Freeradius-Users
mailing list